xworm | Expensive 3[.]1[.]exe | Triage

Sharing

General

Target

Expensive 3.1.exe
Size

60KB
MD5

a66624abb377e5ff52d4d2ae2707aca2
SHA1

a8bcdcaa2536996637e19827d2753e55bba45a28
SHA256

eb75a771291082654ce1c0ef9feb1bf6cd30da8b85b1e342df0bd3b9af35a3b8
SHA512

ec24aad17f3febb434f6c2f8c371ff0bba486abe9e7768c55f8ca766bb0363791b8a991945795277170a57a64f431a1c5f70a7d4acc4b7d878e9e983aafe26d1
SSDEEP

1536:4ptathcJHAxzcA0VzP5k3O+bB3JcSnGSq67Oy7m/:YoPcJVK++b9JcqOyM

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

loss-winners.gl.at.ply.gg:61007

Attributes

Install_directory
%AppData%
install_file
Expensive 3.1.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Expensive 3.1.exe

Files

Expensive 3.1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ